Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Keep in mind that all types of security testing can be disruptive. Although the skipfish scanner is designed not to carry out malicious attacks, it may accidentally interfere with the operations of the site. You must accept the risk, and plan accordingly. Run the scanner against test instances where feasible, and be prepared to deal with the consequences if things go wrong.

Use skipfish only against services you own, or have permission to test.

Skipfish installation:
Open a terminal from Applications > Accessories > Terminal, and type the following command to install it:

sudo apt-get install skipfish

Using Skipfish:
Once you have the dictionary selected, you can try:

$ skipfish -o output_dir http://www.example.com/

Note that you can provide more than one starting URL if so desired; all of them will be crawled.

The tool will display some helpful stats while the scan is in progress (as shown in the image below). You can also switch to a list of in-flight HTTP requests by pressing return.

In the example above, skipfish will scan all of www.example.com (including services on other ports, if they are linked to from the main page) and write a report to output_dir/index.html, which you can then open in your favorite browser.
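The following wrapper is an added example, not part of skipfish or of the original text. It puts the two rules above into practice: every starting URL is checked against a constructed allowlist of hostnames you are authorized to test before anything is launched, a fresh output directory is required so an earlier report is never clobbered, and the path of the resulting index.html is printed at the end. The hostnames in ALLOWED_HOSTS are constructed placeholders; only the -o option from the page is used.

```shell
#!/bin/sh
# Wrapper around skipfish: allowlist check, fresh output dir, report path.
# Added example; the allowlist entries below are constructed placeholders.

# Constructed allowlist: one authorized hostname per line.
ALLOWED_HOSTS="www.example.com
staging.example.com"

# Print the hostname part of a URL, e.g. http://user@www.example.com:8080/x
# -> www.example.com (scheme, path, port and userinfo are stripped in turn).
url_host() {
    printf '%s\n' "$1" \
        | sed -E 's#^[a-zA-Z]+://##; s#/.*$##; s#:[0-9]+$##; s#^[^@]*@##'
}

# Return 0 if the host of the URL in $1 is listed in ALLOWED_HOSTS, else 1.
host_allowed() {
    h=$(url_host "$1")
    printf '%s\n' "$ALLOWED_HOSTS" | grep -qxF -- "$h"
}

# Print the skipfish command line for an output dir and one or more URLs.
# If any URL points at a host outside the allowlist, print nothing, return 1.
build_cmd() {
    out="$1"; shift
    for u in "$@"; do
        host_allowed "$u" || { echo "refusing unauthorized target: $u" >&2; return 1; }
    done
    printf 'skipfish -o %s' "$out"
    for u in "$@"; do printf ' %s' "$u"; done
    printf '\n'
}

# Run the scan. skipfish creates the output directory itself; refusing an
# existing one keeps a previous report from being overwritten or mixed in.
run_scan() {
    out="$1"; shift
    [ -e "$out" ] && { echo "output dir $out already exists" >&2; return 1; }
    cmd=$(build_cmd "$out" "$@") || return 1
    echo "running: $cmd"
    skipfish -o "$out" "$@" || return 1
    echo "report written to $out/index.html"
}

# Usage (only when invoked directly, not when sourced for the functions):
#   ./scan.sh output_dir http://www.example.com/ http://staging.example.com/
if [ "${1:-}" != "" ] && [ "$(basename "$0")" = "scan.sh" ]; then
    run_scan "$@"
fi
```

Several starting URLs can be passed after the output directory, exactly as skipfish accepts them; the allowlist check is applied to each one, and the scan is not started if a single target fails it.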